Educause Security Discussion mailing list archives
Re: Handling flood of returned e-mail messages due to spam with forged sender address
From: Dick Jacobson <Dick.Jacobson () NDSU NODAK EDU>
Date: Tue, 17 Aug 2004 09:24:02 -0500
On Mon, 16 Aug 2004, Scott Weeks wrote:
> On Mon, 16 Aug 2004, Gary Flynn wrote:
>
> Hi Gary,
>
> : Anyone else been through this already?
>
> Yes
>
> : Did the activity stop by itself after a period of time?
>
> No, at least at my ISP. Not a problem here at work, so I assume there may
> be a setting the email administrator can set.
>
> : I'm getting ready to send abuse reports to the dozens of sending
> : organizations but I'm not optimistic.
>
> It won't help. There's nothing they can do. It's a virus that searches
> the addressbook of the infected machine. It has nothing to do with the
> other folks, except that they're in the addressbook of the infected
> machine.
>
> : Why would someone pick a real address of a single person to forge
> : in these messages anyway? To our knowledge, this isn't retaliatory
> : activity but I guess you never really know.
>
> Because that's the way the virus was written. It's not retaliatory if
> it's the virus I'm describing.

And when was the last time you saw a real spammer use their own real address on the From: line?

As postmaster I was getting several thousand of these daily - a couple years ago. We used filters to divert the mail before it hit my inbox. Of course I need to clean the log files frequently to avoid quota problems. ;-)

This is the reason I insisted we not try to return infected mail to the source (or notify them). The a/v vendors have not developed the code to be able to rip apart the headers to determine the true origin.

> scott
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.

--
-----------------------------------------------------------------------
Dick Jacobson                    e-mail : Dick.Jacobson () ndsu NoDak edu
ND HECN MultiUser Host SysAd     office : IACC 206, NDSU
NDUS IT Security Officer         phone  : 701-231-7385
-----------------------------------------------------------------------
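
The kind of bounce filtering discussed in this thread, as an added example that is not part of the original messages or any list member's actual filter: it separates bounces for mail a site really sent from bounces caused by a forged sender, by checking whether the returned message's own Received headers were stamped by one of the site's relays. The relay hostname, addresses and sample bounces are constructed assumptions.

```python
import email
import re

OUR_RELAYS = {"smtp.campus.example"}  # assumption: our outbound relay hostnames

def embedded_original(msg):
    """Return the returned message (or its headers) carried inside a bounce."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify(raw):
    """Return 'not-a-bounce', 'genuine-bounce' or 'backscatter'."""
    msg = email.message_from_string(raw)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    if not (is_dsn or null_sender):
        return "not-a-bounce"
    orig = embedded_original(msg)
    hops = orig.get_all("Received", []) if orig is not None else []
    for hop in hops:
        # Mail we really sent carries a Received line stamped by our relay.
        m = re.search(r"\bby\s+([\w.-]+)", hop)
        if m and m.group(1).lower() in OUR_RELAYS:
            return "genuine-bounce"
    return "backscatter"  # no sign the returned mail ever passed through us

def sample_dsn(original_headers):
    """Constructed sample bounce; every hostname and address is made up."""
    return (
        "Return-Path: <>\n"
        "From: MAILER-DAEMON@mx.remote.example\n"
        "To: victim@campus.example\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\nReporting-MTA: dns; mx.remote.example\n"
        "\nFinal-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n"
        "\n--b1\nContent-Type: text/rfc822-headers\n\n" + original_headers + "\n--b1--\n"
    )

FORGED = sample_dsn("Received: from dsl-host.isp.example by mx.remote.example with SMTP\nFrom: victim@campus.example")
OURS = sample_dsn("Received: from dorm-pc.campus.example by smtp.campus.example with ESMTP\nFrom: victim@campus.example")
```

A bounce that carries no copy of the original headers is also classified as backscatter here, so such messages are better diverted to a review folder than deleted.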